NAS-Identifier
Paul Bartell
paul-bartell at ubuntu.com
Mon Oct 13 16:08:57 CEST 2008
You can use the called-station-id variable to say yay or nay for
authentication. For example, we have a Staff network, that requires
different usernames/passwords from the regular wifi SSIDS. We use
regex to check for regular users trying to get onto the staff ssid.
On 10/13/08, Alan DeKok <aland at deployingradius.com> wrote:
> Stefan Eck (gmail) wrote:
> > Well, the new NAS device sends 5 different NAS-Identifier. eg WebAdmin,
> > SSLVPN or HTTP. But only one RADIUS can be configured.
>
>
> One one RADIUS can be configured... where?
>
>
> > I'm just thinking about that users can be authenticated via RADIUS
> > server1 and admin(webadmins) can be authenticated via RADIUS server2. Or
> > similar like that.
>
>
> Why?
>
>
> > Currently, I don't have any clue to take advantage of the
> > NAS-Identifier. Where is this attribute configured on the RADIUS. Other
> > devices send the NAS-IP, but this is only relevant for the shared secret
> > or the accouting.
>
>
> No. The server does NOT use the NAS-IP-Address to look up the shared
> secret.
>
> If you want to apply policies based on attributes, see "man unlang".
> You can write complex policies using a very simple language.
>
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Random quote of the week/month/whenever i get to updating it:
"Opportunity knocked. My doorman threw him out." - Adrienne Gusoff
"At school you don't get parole, good behavior only brings a longer
sentence." - The History Boys
More information about the Freeradius-Users
mailing list